behind nginx-proxy

[unguamorray]

I can not get it it working behind nginx proxy - all functions on server works but cant access webserver, webmail and sts with nginx proxy.
Also webserver and webmail do not accept NonTLS, as its test case in lxc container - i can access web and webmail by public ip but not by proxy name redirect ...

to be clear:
internal:
192.168.10.199 - all working

public:
192.168.9.199 - server part and emails working
192.168.9.199, 192.168.9.199/admin, 192.168.9.199/webmail - working

nginx proxy domain.com->192.168.10.199, admin, webmail, sts - not working

It acts as http/https services listen only on ip - its ok for internals - but public must listen on names - based on domain

also dnssec is on other lxc with ip 192.168.9.99 and works only with: options edns0 trust-ad in resolv.conf

and between - about fal2ban - it bans at least 10 botters a day ... but fail2ban is kinda stupid way so its nice to have internal rate limiter for fails ...

[mjl-]

nginx proxy domain.com->192.168.10.199, admin, webmail, sts - not working

In what way is it not working? Do you see the requests coming in at mox? And is mox responding with 404? or is there another error?

In the past, I've seen some issues before where nginx wasn't forwarding the original hostname, so requests were sent to mox without hostname. I think that was the default reverse proxy configuration in nginx.

Perhaps you can show the mox.conf snippets for the public listener, and the nginx config that is doing the forwarding, and any logging by nginx and mox?

also dnssec is on other lxc with ip 192.168.9.99 and works only with: options edns0 trust-ad in resolv.conf

Yes, that's expected. The "trust-ad" is not necessary when the nameserver is on a loopback IP. But anything that's not clearly on the same machine needs to be explicitly marked as trust-ad.

[unguamorray]

when u make http request to local ip or to public ip (they are both local for my pc) - u make it by ip - and all works
when u make http request by name - it of cource comes trough dns->real ip->nginx proxy-> which redirects it to public (for mox) ip
then it does not work nor web/webmai/admin nor sts -> 404 page not found

[unguamorray]

ok found the problem - mox makes everythig relative to hostname not to domainname
so http / https requests in proxy must be host.domain.com not direct domain.com

hostname.domain.com - works, hostname.domain.com/admin - works, hostname.domain.com/webmail - works
nothing at domain.com works

now only sts dont work - couse i cant make it relative to hostname couse it is expected relative to domainname
mox says in logs nonmach - for all nonworking

AND THATS WHY ITS BAD the system to be so closed - i cant even see does this sts text file exists ...

And as for the easy of setup and use - well ITS NOT !!! it more like : guess how it works and hadles everything one by one ...

Else on the good side - its FAST ! and LOW ON RESOURCES ! which is great
Also it has no obvious bugs ... well just once iv crashed it with overlapping ports ...